Kaydka NPM wuxuu aqoonsaday 17 xirmo xaasidnimo ah oo la qaybiyay iyadoo la isticmaalayo nooca isku-duubnida, i.e. iyada oo loo xilsaaray magacyo la mid ah magacyada maktabadaha caanka ah iyada oo la filayo in isticmaaluhu uu samayn doono typo marka uu qorayo magaca ama ma ogaan doono farqiga marka uu dooranayo module ka mid ah liiska.
Discord-selfbot-v14, discord-lofy, discord system, iyo discord-vilao xirmooyinka waxay adeegsadeen nooc wax laga beddelay oo ah maktabadda discord.js ee sharciga ah, kaas oo bixiya hawlaha la falgalka Discord API. Qaybaha xaasidnimada leh ayaa lagu dhex daray mid ka mid ah faylalka xirmada waxaana ka mid ahaa ku dhawaad ββ4000 oo xariiq oo kood ah, oo la daboolay iyadoo la adeegsanayo beddelka magaca beddelka, sireynta xargaha, iyo xadgudubyada qaabaynta koodka. Koodhku wuxuu sawiray FS maxalliga ah ee calaamadaha Discord oo, haddii la ogaado, wuxuu u diray server-ka weerarka.
Xirmada qaladka hagaajinta ayaa la sheegay in lagu hagaajinayo dhiqlaha Discord selfbot, laakiin waxaa ku jiray barnaamijka Trojan ee loo yaqaan PirateStealer kaas oo xado lambarrada kaararka deynta iyo xisaabaadka la xiriira Discord. Qaybta xaasidnimada leh waxaa la hawlgeliyay iyada oo gelinta JavaScript code macmiilka Discord.
Xirmada prerequests-xcode waxaa ku jiray Trojan oo loogu talagalay abaabulka gelitaanka fog ee nidaamka isticmaalaha, oo ku saleysan codsiga DiscordRAT Python.
Waxaa la rumeysan yahay in weerarradu ay u baahan karaan marin u helidda server-yada Discord si ay u geeyaan dhibcaha kontoroolka botnet, sida wakiil si ay u soo dejiyaan macluumaadka nidaamyada la jabsaday, weerarrada la daboolo, u qaybiyaan malware-ka isticmaaleyaasha Discord, ama dib u iibiya akoonnada premium.
Xirmooyinka wafer-bind, wafer-autocomplete, wafer-becon, wafer-caas, wafer-toggle, wafer-gelocation, wafer-image, form wafer-sanduuq, wafer-lightbox, octavius-public iyo mrg-farimaha-dallaalka waxaa ku jiray koodka in loo diro waxa ku jira doorsoomayaasha deegaanka, kuwaas oo, tusaale ahaan, ka mid noqon kara furayaasha gelitaanka, calaamadaha ama furayaasha sirta ah ee nidaamyada isdhexgalka joogtada ah ama jawiga daruuraha sida AWS.
Source: opennet.ru